Skip to content

#1066 add openid parameters #1637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 17 commits into from
Nov 29, 2023
Merged

#1066 add openid parameters #1637

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
de0f8b2
initial schema changes and testing
samuelcostae Oct 25, 2023
7b9050d
adding parameters to query
samuelcostae Nov 2, 2023
37bd019
Merge branch 'main' into 1066_add_openid_parameters
samuelcostae Nov 3, 2023
4140ce9
name refactor
samuelcostae Nov 3, 2023
fc168d0
Query Value replacement warning
samuelcostae Nov 9, 2023
2f888bf
Blocking Query Value replacement
samuelcostae Nov 13, 2023
b422ad4
Merge branch 'opensearch-project:main' into 1066_add_openid_parameters
samuelcostae Nov 14, 2023
2835de1
Just getting around 'unresolved import' lint error to see if tests fail
samuelcostae Nov 14, 2023
2cdfc69
Moved function to helper class and included unit test
samuelcostae Nov 14, 2023
8f4c6a6
babel import from main
samuelcostae Nov 14, 2023
0b4d5ed
Merge branch 'main' into 1066_add_openid_parameters
DarshitChanpura Nov 14, 2023
db25701
Merge branch 'opensearch-project:main' into 1066_add_openid_parameters
samuelcostae Nov 15, 2023
d8d8d84
additional unit test
samuelcostae Nov 17, 2023
ae6cfeb
reverting lint changes to eslintrc.js
samuelcostae Nov 17, 2023
fb7c5c1
Merge branch 'opensearch-project:main' into 1066_add_openid_parameters
samuelcostae Nov 21, 2023
06de876
Merge branch 'main' into 1066_add_openid_parameters
samuelcostae Nov 21, 2023
46e9d40
Merge branch 'main' into 1066_add_openid_parameters
DarshitChanpura Nov 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,4 @@
"resolutions": {
"selenium-webdriver": "4.10.0"
}
}
}
50 changes: 49 additions & 1 deletion server/auth/types/openid/helper.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,13 @@
* permissions and limitations under the License.
*/

import { composeLogoutUrl, getExpirationDate, getRootUrl, getNextUrl } from './helper';
import {
composeLogoutUrl,
getExpirationDate,
getRootUrl,
getNextUrl,
includeAdditionalParameters,
} from './helper';

describe('test OIDC helper utility', () => {
test('test compose logout url', () => {
Expand Down Expand Up @@ -56,6 +62,48 @@ describe('test OIDC helper utility', () => {
);
});

test('test include additional parameters in query', () => {
const contextMock = { security_plugin: { logger: { warn: jest.fn() } } };

const query = { existingKey: 'value' };
const constQueryModified = { existingKey: 'value', ping: 'pong', acr_values: '1' };
const config = {
openid: {
enabled: true,
client_secret: '',
additional_parameters: {
ping: 'pong',
acr_values: '1',
existingKey: 'foobar',
},
},
};

includeAdditionalParameters(query, contextMock, config);
expect(query).toEqual(constQueryModified);
expect(contextMock.security_plugin.logger.warn).toHaveBeenCalledTimes(1);
expect(contextMock.security_plugin.logger.warn).toHaveBeenCalledWith(
"Additional parameter in OpenID config 'existingKey' was ignored as it would overwrite existing parameters"
);
});

test('test include additional parameters in query when no additional parameters specified', () => {
const contextMock = { security_plugin: { logger: { warn: jest.fn() } } };

const query = { existingKey: 'value' };
const constQueryModified = { existingKey: 'value' };
const config = {
openid: {
enabled: true,
client_secret: '',
},
};

includeAdditionalParameters(query, contextMock, config);
expect(query).toEqual(constQueryModified);
expect(contextMock.security_plugin.logger.warn).toHaveBeenCalledTimes(0);
});

test('test root url when trusted header unset', () => {
const config = {
openid: {
Expand Down
14 changes: 14 additions & 0 deletions server/auth/types/openid/helper.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,3 +144,17 @@ export function getExpirationDate(tokenResponse: TokenResponse | undefined) {
return Date.now() + tokenResponse.expiresIn! * 1000;
}
}

export function includeAdditionalParameters(query: any, context, config) {
if (config.openid?.additional_parameters) {
for (const [key, value] of Object.entries(config.openid?.additional_parameters)) {
if (query[key] == null) {
query[key] = value;
} else {
context.security_plugin.logger.warn(
`Additional parameter in OpenID config '${key}' was ignored as it would overwrite existing parameters`
);
}
}
}
}
4 changes: 3 additions & 1 deletion server/auth/types/openid/routes.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ import {
composeLogoutUrl,
getNextUrl,
getExpirationDate,
includeAdditionalParameters,
} from './helper';
import { validateNextUrl } from '../../../utils/next_url';
import {
Expand Down Expand Up @@ -127,6 +128,7 @@ export class OpenIdAuthRoutes {
state: nonce,
scope: this.openIdAuthConfig.scope,
};
includeAdditionalParameters(query, context, this.config);
const queryString = stringify(query);
const location = `${this.openIdAuthConfig.authorizationEndpoint}?${queryString}`;
const cookie: SecuritySessionCookie = {
Expand Down Expand Up @@ -173,7 +175,7 @@ export class OpenIdAuthRoutes {
client_id: clientId,
client_secret: clientSecret,
};

includeAdditionalParameters(query, context, this.config);
try {
const tokenResponse = await callTokenEndpoint(
this.openIdAuthConfig.tokenEndpoint!,
Expand Down
1 change: 1 addition & 0 deletions server/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,7 @@ export const configSchema = schema.object({
verify_hostnames: schema.boolean({ defaultValue: true }),
refresh_tokens: schema.boolean({ defaultValue: true }),
trust_dynamic_headers: schema.boolean({ defaultValue: false }),
additional_parameters: schema.maybe(schema.any({ defaultValue: null })),
extra_storage: schema.object({
cookie_prefix: schema.string({
defaultValue: 'security_authentication_oidc',
Expand Down